Glad to hear that. Powerful but long learning curve. Best of luck.

Glad to hear it helped.

Glad it helped. Thanks for commenting.

Glad i was help. For future reference, Sophos V19 has enhanced the site to site capability. Good luck and thanks for the feedback.

Thanks for the comment. WIll have something in the next week or two.

Glad it was helpful!

@@MikeFaucher your sophos xg videos thought me a lot indeed.

You are right and I actually did a separate video on the switch configuration. kzbin.info/www/bejne/jpTJZGCnbaZkl6c. Thanks for pointing this out.

It is really just a SNAT and translates an external request to an internal device. It is used for things like port forwarding to route the external IP/Port to an internal IP.. Hope that helps.

Have not used Cisco swithches but here is a different video. Things have changed a bit but this will better show how I configured it,

Glad you found it useful.

Thank you for the feedback!

Good feedback, Thanks.

Good question. You actually only need in one or the other not both. Which you use depends on the equipment you have. Since I do not have a layer 3 switch, I used interfaces. Great point.

@@MikeFaucher so in this case...over the layer 2 switche we make same id of vlans???

@@amitsharma-rm3ir You can do it over VLAN interfaces in the router.

Hello @@MikeFaucher can you please give me more informations on how to connect sophos xg with cisco switch after creating Vlans..i mean , i have to use trunk port or acces ?and i thnk i have to create vlan also on cisco switch te performe communication.

RENJITH K NAIR By definition, the VLANs are isolated from each other. You can create a firewall rule that allows certain devices to talk with one another if you require that but under a normal VLAN configuration they only communicate with the WAN. If you allow full communication between two VLANS it mostly defeats the isolation.

You probably do want to add a specific rule that allows access only to the NVR, not the entire VLAN. Another word to "allow" the LAN to access the NVR IP address.

@@MikeFaucher Thank you sir. I look forward to learning more from you.

Absolutely. The process is exactly the same except select deny when creating a firewall rule for that NVR VLAN. Hope that helps.

@@MikeFaucher Thanks for this advice cheers

I am not 100% sure what you are seeing in terms of IP address. The biggest issue I have seen with VLANs is making sure that are setup from start to finish. Specifically, starting from the AP, you need to define a separate WiFI network and it should be set to use the VLAN ID that you want to use. From there, your switch has to be a managed switch or VLAN aware and lastly, your router has to have the DHCP and interface that is dedicated to the that VLAN. It really sounds like there is no DHCP that has been setup. Unify AP are easy to setup with wireless networks but they rely on your router/gateway for DHCP. If you are using Sophos, make sure that you have a dedicated DHCP for the VLAN. Not sure if that helped but let me know.

@@MikeFaucher Thanks for you quick response, it is very appreciated. i did define a separate WiFi Network and set it to use the VLAN ID that i want it to use, also my switch is a manage switch and VLAN aware as i have a couple of those on there as well. i am using Sophos and UniFi AP Pros so it was a complete verbatim replication from you two videos. created the VLAN interface on my sophos under my LAN interface, created a DHCP and assigned it the VLAN interface with the IP lease range, created IP range under host and services, finish up with a firewall rule and then move over to UniFi Controller and created a new WiFi Network with VLAN ID created earlier. but when clients connect, they don't get assigned the IP range specified in my DHCP and so no internet. dont know whats going wrong

@@christian4553 Interesting sounds like you did everything right but something is off if you are not getting the IP range. I assume your devices do not connect to the internet? What range of IP did you expect and what are you getting? I am assuming your switch is set to pass through VLAN traffic? It truly sounds like your devices are not getting to the DHCP server and are being blocked by your switch. Hard to be exact without seeing your exact configuration.

You can do either but I had more predictable behavior when I defined the range. Certainly interested if you get different results. Thanks for the comment.

Not directly but I can something to my list for future consideration. Is the what you are looking more on AC Pro or configuring a dedicated port for AP on Sophos? It will help me if you expand on your question. Thanks for the comment.

@@MikeFaucher we have an existing network, so if possible I would like to create a VLAN on my current LAN and use the VLAN on may AC Pro, btw i dont have USG

Thanks for the explanation. Have you seen this one yet: kzbin.info/www/bejne/jpTJZGCnbaZkl6c

If I understand the question, you can attach the VLAN to any LAN port that you are using so if you have your internal LAN on Port 1, you can and should create VLAN to that port. You have to attach VLANs to the same port you LAN is on. I hope that helps and thanks for the question.

RENJIITH K NAIR Good question. VLANs have to be bound to any physical LAN port so you can create VLANs that are either or both LAN ports, Though it makes things a bit confusing, depending on the physical wiring, I can have a VLAN on one network and a different VLAN completely separate on a different port/network. For clarity, it is always easier to have on physical network and multiple VLANS on that same network. That would be more versatile.

@@MikeFaucher sir also one of the qnap training video .. am waiting for that...how to secure qnap nas..

@@renjiithknair8869 I will add it to my list. Thanks for the suggestion.

Thanks for the feedback and pointing out my naming issue. I appreciate you telling Did not catch that. Thanks again.

Hi sir, your video is very good.i just want know how we can make the communication between that vlan(iot) to Port 1 and Port 1 to vlan( iot)